How Veritas Protects Your IT Services Against Ransomware Attacks

Schutz May 26, 2021

Ransomware is a vicious malware that locks users out of their devices or blocks access to data until a sum of money or ransom is paid. Ransomware attacks cause downtime, data loss, possible intellectual property theft, and in certain industries an attack is considered a data breach. 81% of all ransomware infections involve enterprise organizations and cost as much as $11.5 billion in 2019. Ransomware threats are targeted to annually cost the global economy 6 trillion USD by 2021. Protection is the main line of defense in the event of an attack.

Veritas provides a comprehensive solution to protect against ransomware attacks with a focus on ensuring immutability for your backup and secondary storage environment.  Veritas also partners with 3rd party malware and virus detection solutions to provide a holistic ransomware protection cycle based on the following principles: protect, detect, recover and mitigate.

Veritas NetBackup and Flex Appliance provide a fully immutable data protection solution to defend your backup data. Immutable and indelible data cannot be changed for a determined length of time to protect data against cybercriminal intrusion, internal threats, and random disk failures (assuming insufficient redundancy).  Write Once Read Many, known as WORM, is a way to ensure that any data managed by NetBackup and NetBackup Flex Appliance is protected with the following security measures:

  • Immutability: Ensures that backup images are read-only and cannot be modified, corrupted, or encrypted once they’re created.
  • Indelibility: protects the backup image from malicious deletion (i.e. being deleted before it expires).

Flex Appliance has an integrated immutable storage server to provide WORM capability, retention locks, and platform hardening against ransomware and malware threats.

The NetBackup master server communicates with the storage unit to gather immutability and indelibility capability and WORM retention period (min/max) settings. The master server then sets up immutability controls on the storage unit and applies a WORM retention policy. NetBackup provides backup image management with visual representation of immutable locks and image deletion after WORM retention periods (via CLI) while honoring legal holds on the catalog.

During a MSDP immutable storage server creation, you can specify the minimum and maximum retention periods. The minimum retention period is the shortest time that a WORM file can be retained in a storage unit. The maximum retention period is the longest retention period a file can have when configured as WORM. This feature provides you the flexibility to manage variable data retention requirements, and it helps you meet financial, government, and healthcare compliance requirements.

Compliance Clock is used to manage retention periods and is independent of the OS time. Flex Appliance has two lockdown immutability modes – Enterprise and Compliance. Either of these lockdown options can be enabled at any time. Any administrator can delete WORM storage instances in enterprise mode – but only if there is no immutable data. In compliance mode, no one can delete WORM storage instances that have immutable data.

The Flex Appliance brings agility, simplicity, and resilience to NetBackup data protection. You can use Flex Appliances to ensure data integrity and to detect, mitigate, and quickly recover from ransomware attacks with the Instant Access recovery feature. Check out this ransomware demo to see how easy it is to create WORM storage on a Flex Appliance.

Rachel Zhu
Senior Principal Technical Marketing, SDS and Appliances
VOX Profile